All-optical networks (AONs) are considered a promising technology for next-generation optical networks. Major applications of AONs include metropolitan area networks (MANs) and wide area networks (WANs), but MANs and WANs are not 100% secure. For instance, AONs are susceptible to malicious (or unintentional) disturbances (e.g., attacks or other faults that propagate in a network) since the signals remain in the optical domain within the network, and are hence difficult to monitor closely. Further, due in part to the high data rates supported by AONs, even disturbances of a short duration can result in a large amount of data loss. Hence, the security of AONs against disturbances has become an important issue, and an open question is how to incorporate security against disturbances into the design and engineering of AON architectures. Investigating this question is important because AONs are still at an early stage of implementation, so ground-up development of secure all-optical networks is still possible.
There have been some approaches to this question in the past in the context of crosstalk attacks in AONs. Crosstalk in AONs can be caused by signal leakage among different inputs at non-ideal network devices (e.g., optical switches), as illustrated in FIG. 1. FIG. 1 is a schematic diagram of an optical network node 10 that illustrates crosstalk attacks, and in particular a detrimental type of crosstalk often referred to as in-band crosstalk (e.g., where the crosstalk element is within the same wavelength as the signal). In-band crosstalk attacks can happen at fiber links or network nodes.
The optical network node 10 comprises optical fibers 12, 14 coupled to demultiplexers 16 and 18. The demultiplexers 16 and 18 may be used in cooperation with optical filters (not shown). The optical network node 10 further comprises optical switches 20 and 22, which are coupled to demultiplexers 16, 18 by connections 24a, 26a, 28a, and 30a. The optical switches 20 and 22 are also coupled to multiplexers 32 and 34, via connections 24b, 26b, 28b, and 30b, where signals are combined, and then output via connections 36 and 38. The demultiplexers 16 and 18 split the optical signals received on connections 12 and 14 into a plurality of bands of different wavelengths. For instance, signals of a first wavelength (e.g., λ1) are provided on connections 24a and 28a, and signals of a second wavelength (e.g., λ2) are provided on connections 26a and 30a.
As one exemplary mechanism of attack propagation, an attacker may gain legitimate access to a network node at connection 24a and insert a signal flow with strong signal power into the network. Due to the crosstalk effects of wavelength switches, a small fraction of the signal from the attack channel (on connection 24a) may leak into other normal channels (e.g., connection 24b, the leak graphically represented with a dashed line) in a shared switching plane. The leakage superimposed onto normal channels may exceed a predetermined threshold for a quality of service requirement, such that those channels are considered to be affected by the attack at network nodes. In other words, AONs are susceptible to crosstalk attacks.
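The threshold test described above can be modeled for planning purposes. The following is an added example, not part of the original text: it groups channels by shared switching plane (same node, same wavelength), sums the in-band leakage each channel receives, and flags channels whose crosstalk-to-signal ratio exceeds a limit. The isolation figure, the limit, the channel names and the topology are all constructed assumptions, and fiber loss is ignored.

```python
import math
from collections import defaultdict

# Assumed device and QoS figures (illustrative, not taken from the text above).
ISOLATION_DB = 30.0   # a leaked copy is 30 dB below its source at the switch
XT_LIMIT_DB = -25.0   # highest tolerated crosstalk-to-signal ratio

# Constructed sample: name -> (wavelength, launch power in dBm, nodes traversed)
NORMAL = {
    "A": ("l1", 0.0, ["n1", "n2"]),
    "B": ("l1", 0.0, ["n2", "n3"]),
    "C": ("l2", 0.0, ["n2"]),
}
WITH_HIGH_POWER_FLOW = dict(NORMAL, X=("l1", 20.0, ["n2"]))


def dbm_to_mw(dbm):
    return 10 ** (dbm / 10)


def affected_channels(lightpaths):
    """Return {channel: crosstalk-to-signal ratio in dB} for channels over the limit."""
    # Channels on the same wavelength at the same node share a switching plane.
    planes = defaultdict(list)
    for name, (wavelength, _, nodes) in lightpaths.items():
        for node in nodes:
            planes[(node, wavelength)].append(name)

    # In-band leakage cannot be filtered out downstream, so it accumulates per channel.
    leak_mw = defaultdict(float)
    for members in planes.values():
        for victim in members:
            for source in members:
                if source != victim:
                    leak_mw[victim] += dbm_to_mw(lightpaths[source][1] - ISOLATION_DB)

    flagged = {}
    for victim, leak in leak_mw.items():
        ratio_db = 10 * math.log10(leak) - lightpaths[victim][1]
        if ratio_db > XT_LIMIT_DB:
            flagged[victim] = round(ratio_db, 1)
    return flagged


if __name__ == "__main__":
    print("normal traffic:", affected_channels(NORMAL))
    print("with high-power flow X:", affected_channels(WITH_HIGH_POWER_FLOW))
```

With these assumed figures, channel C on the second wavelength is never flagged, because it does not share a switching plane with the high-power flow.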
As AONs grow in span and functionality, they have the potential to provide services to a wider set of applications in the future (e.g., analog services, novel applications that require optical interfaces, etc.). Therefore, there is an increasing demand for access to the AONs from outside parties, such as limited management access to the network from partners and customers of service providers, which results in an increasing threat to optical network security. A wider set of users and an increasingly open platform of optical networks entail a higher risk of misuse of the network, as evidenced by security threats such as denial-of-service attacks and worm attacks in the current Internet.
There have been several research activities aimed at mitigating the threats of crosstalk attacks in AONs, including attack detection based on node wrappers, determination of necessary and sufficient conditions for crosstalk attack localization, and general frameworks for managing faults and alarms in AONs. However, these approaches are reactive in nature. Furthermore, certain crosstalk attacks are difficult to detect. For instance, sporadic crosstalk attacks may disrupt service but “disappear” before they can be detected.